Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BJXKJP-W89HKJxERzj6nWimgQG0.roa
File:                     BJXKJP-W89HKJxERzj6nWimgQG0.roa (raw, json)
Hash identifier:          Gl1MIRSRtPwegDwjTM4SHxNGn8wK4TgWSCL2s01sP+c=
Subject key identifier:   04:95:CA:24:FF:96:F3:D1:CA:27:11:11:CE:3E:A7:5A:29:A0:40:6D
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA29880CBE3947EEDE554EDE10F234D9
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BJXKJP-W89HKJxERzj6nWimgQG0.roa
Signing time:             Tue 02 Jan 2024 12:32:48 +0000
ROA not before:           Tue 02 Jan 2024 12:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206804
IP address blocks:        85.203.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:88:0c:be:39:47:ee:de:55:4e:de:10:f2:34:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0495ca24ff96f3d1ca271111ce3ea75a29a0406d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4d:4f:3f:e3:86:49:4f:f8:8d:9a:8c:55:43:
                    02:4a:fb:db:ae:bf:2f:e0:15:63:29:03:32:2a:34:
                    85:70:0a:7b:fe:8f:f8:74:f0:02:a9:a2:0a:ed:43:
                    4e:4a:4f:13:2d:8c:a0:2c:b3:ac:e9:42:4c:6f:73:
                    f0:df:9b:a6:68:54:5a:d6:16:db:d1:8a:eb:21:e5:
                    f8:09:30:e8:de:f0:0c:d2:b3:93:02:f2:32:f7:ad:
                    8b:82:fa:5a:be:51:2a:45:ac:95:22:69:13:ef:c8:
                    35:e0:34:86:66:05:63:bb:c2:59:2f:d5:9d:22:45:
                    69:90:c4:bb:98:22:20:0c:e5:3a:57:b7:91:02:58:
                    d7:2c:4e:1a:31:29:78:a0:6a:18:82:20:fe:8d:c6:
                    0f:72:be:b3:20:97:46:2b:9b:02:5b:1d:fd:50:fe:
                    b3:4e:c9:33:ab:37:9a:66:54:96:87:75:f8:ac:ea:
                    a8:a6:6f:6d:80:4f:ba:f4:13:4d:4d:3b:22:2a:f9:
                    8b:92:22:13:98:a6:0a:9b:ee:e9:21:bb:73:c9:83:
                    14:a2:30:8b:68:df:68:d0:54:9b:56:34:8c:de:07:
                    6b:a3:2d:04:57:bf:ac:a0:e8:f5:77:b3:25:61:52:
                    8f:cd:21:b2:f8:45:c1:ba:d9:12:7d:fd:74:f5:2d:
                    ab:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:95:CA:24:FF:96:F3:D1:CA:27:11:11:CE:3E:A7:5A:29:A0:40:6D
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BJXKJP-W89HKJxERzj6nWimgQG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:1f:66:9d:35:7c:84:e7:f0:3c:d6:5e:d6:83:c7:0d:b8:22:
         42:82:78:c6:08:1a:0f:7c:eb:66:a6:1a:7d:2b:c5:49:40:04:
         36:01:36:19:00:33:e0:64:e2:ed:08:65:de:fd:76:2d:88:ce:
         bd:9d:03:76:83:21:6c:83:3b:6a:2c:b0:de:70:2b:3a:88:40:
         be:2c:a3:cc:fb:86:16:89:c8:c1:10:1c:02:f4:2b:a6:87:b7:
         d6:ee:92:8e:1c:a0:f2:ce:de:a1:62:ee:0f:19:c7:ac:2e:33:
         7c:4c:92:4b:3b:5b:1e:c0:8d:62:44:8b:57:21:04:dc:71:f5:
         5c:69:02:bb:4b:fd:99:67:b1:64:ae:23:b2:5e:a9:c4:41:bd:
         2a:7f:0d:6f:aa:da:2a:68:f4:30:7b:60:e0:da:f2:e0:7a:7e:
         e1:11:08:1e:5b:af:89:9f:43:10:d8:4b:3e:cb:d7:19:9e:59:
         fa:e8:3c:98:92:90:a8:a3:e1:e7:57:3f:5e:8f:8f:79:a3:01:
         16:b9:96:bb:1b:3c:65:86:48:f6:42:f3:7a:06:29:44:0f:cc:
         ac:3b:7a:97:1a:44:26:2c:f0:24:73:d3:21:8c:1e:30:13:31:
         4f:65:17:2b:34:1d:82:1d:d0:b4:c6:47:07:24:d5:13:23:3b:
         d7:81:44:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKYgMvjlH7t5VTt4Q8jTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk1Y2EyNGZmOTZmM2QxY2EyNzExMTFjZTNlYTc1YTI5YTA0MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkk1PP+OGSU/4jZqMVUMCSvvbrr8v
4BVjKQMyKjSFcAp7/o/4dPACqaIK7UNOSk8TLYygLLOs6UJMb3Pw35umaFRa1hbb
0YrrIeX4CTDo3vAM0rOTAvIy962LgvpavlEqRayVImkT78g14DSGZgVju8JZL9Wd
IkVpkMS7mCIgDOU6V7eRAljXLE4aMSl4oGoYgiD+jcYPcr6zIJdGK5sCWx39UP6z
TskzqzeaZlSWh3X4rOqopm9tgE+69BNNTTsiKvmLkiITmKYKm+7pIbtzyYMUojCL
aN9o0FSbVjSM3gdroy0EV7+soOj1d7MlYVKPzSGy+EXButkSff109S2rYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASVyiT/lvPRyicREc4+p1opoEBtMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvQkpYS0pQLVc4OUhLSnhFUnpqNm5XaW1nUUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsnMA0G
CSqGSIb3DQEBCwUAA4IBAQAQH2adNXyE5/A81l7Wg8cNuCJCgnjGCBoPfOtmphp9
K8VJQAQ2ATYZADPgZOLtCGXe/XYtiM69nQN2gyFsgztqLLDecCs6iEC+LKPM+4YW
icjBEBwC9Cumh7fW7pKOHKDyzt6hYu4PGcesLjN8TJJLO1sewI1iRItXIQTccfVc
aQK7S/2ZZ7FkriOyXqnEQb0qfw1vqtoqaPQwe2Dg2vLgen7hEQgeW6+Jn0MQ2Es+
y9cZnln66DyYkpCoo+HnVz9ej495owEWuZa7Gzxlhkj2QvN6BilED8ysO3qXGkQm
LPAkc9MhjB4wEzFPZRcrNB2CHdC0xkcHJNUTIzvXgUQR
-----END CERTIFICATE-----